Introduction

Samba AD currently doesn't provide support for SysVol replication. Until this important feature is implemented, workarounds are necessary to keep SysVol in sync in a multi-DC environment. This HowTo provides a basic workaround based on rsync and unison.

Information on unison + rsync replication

This HowTo describes a solution for SysVol replication that is based on rsync and unison. Compared to the rsync-only method, it is bidirectional. However, this HowTo only covers a two-DC setup.

It has the following advantages:

The setup is done quickly

The configuration is very easy

Can work with Windows (please add details)

We will use rsync through an SSH tunnel.

Setting up the SysVol replication

Some assumptions:

You are running all commands as root.
rsync is located at /usr/bin/rsync
sysvol is located at /var/lib/samba/sysvol on both DC1 and DC2
unison is located at /usr/bin/unison
DC1 is reachable under the hostname DC1
DC2 is reachable under the hostname DC2
The sysvol sync log is located at /var/log/sysvol-sync.log

Change the paths if they don't fit your setup.

Setup on the Domain Controller with the PDC Emulator FSMO role

Install rsync using your package manager or compile it from source. Make sure that you use a version that supports extended ACLs!

We don't need to set up an rsync server.

Install unison using your package manager or compile it from source. (On Gentoo you need to run eselect unison to create the link.)

Creating an SSH public key and copying it to DC2

ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub root@DC2

You can test access to DC2 via ssh:

ssh DC2

Setting up ssh control

If the remote system enforces rate limits on incoming ssh connections, unison will fail if you try to run it this way.
So we create the first ssh connection as a master with a control path file in the location specified; all subsequent connections will reuse that first connection.

Warning: Make sure that the destination folder is really your SysVol folder, because the command will replicate to the given directory and sync everything in it that isn't also on the source! You could damage your system! So check the output carefully to see whether the replication is doing what you expect!
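As an added example (not the wiki's own script), here is how the ssh master connection and the unison call fit together under the assumptions listed above; the control-socket path, the DRY_RUN switch and the --run argument are this example's assumptions, and an rsync pass for extended ACLs is not included. Run it with DRY_RUN=1 first to see exactly which commands would be executed.

```shell
#!/bin/sh
# Added example, not the wiki's script: one-shot SysVol sync between DC1 and
# DC2 with unison over a single reusable ssh master connection, following the
# section above. Paths are the page's assumptions; the control socket location
# and the DRY_RUN switch are assumptions of this example.
SYSVOL=/var/lib/samba/sysvol
PEER=DC2
LOG=/var/log/sysvol-sync.log
CTL=/root/.ssh/ctl-${PEER}.sock   # assumed: master-connection control socket
DRY_RUN=${DRY_RUN:-0}

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$@"; else "$@"; fi; }

# Refuse to start while another rsync/unison is still running (the manual
# check from the resync procedure on this page).
sync_in_progress() { pgrep -x unison >/dev/null 2>&1 || pgrep -x rsync >/dev/null 2>&1; }

# Guard against replicating into something that is not a sysvol directory.
check_sysvol_path() {
  case "$1" in
    */sysvol) [ -d "$1" ] || [ "$DRY_RUN" = 1 ] ;;
    *) return 1 ;;
  esac
}

sysvol_sync() {
  check_sysvol_path "$SYSVOL" || { echo "refusing: $SYSVOL is not a sysvol directory" >&2; return 2; }
  if [ "$DRY_RUN" != 1 ] && sync_in_progress; then
    echo "rsync/unison already running, skipping this run" >&2; return 3
  fi
  # 1. Open the one authenticated master connection (-M) bound to the control
  #    socket; later ssh sessions that point at the socket reuse it.
  run ssh -f -N -M -S "$CTL" "$PEER" || return 4
  # 2. Bidirectional sync; on conflicts the local copy (PDC emulator) wins.
  #    -sshargs makes unison's ssh go through the existing socket, so the
  #    remote rate limit only ever sees the single connection opened above.
  run unison -batch -auto -prefer "$SYSVOL" -owner -group -perms -1 -times \
      -logfile "$LOG" -sshargs "-o ControlPath=$CTL" \
      "$SYSVOL" "ssh://$PEER/$SYSVOL"
  rc=$?
  # 3. Close the master connection so the socket is not left behind.
  run ssh -S "$CTL" -O exit "$PEER"
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then sysvol_sync; fi
```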

When you need to resync the folder

Warning: Please follow the steps below, or you can end up with an empty sysvol folder.

Disable cron on DC1, e.g. by adding a "#" in front of the line with crontab -e

Check whether any rsync or unison is currently running in ps -aux; if yes, wait for it to finish, or kill it (if it is a zombie)

Remove the hash files in /root/.unison on both DC1 and DC2

Now check your sysvol and resync

Confirm that everything is OK again

Re-enable cron on DC1

FAQ

How can I do this on Windows?

I don't have an answer; please post on the mailing list.

What do I do if I have more than one DC?

In theory, we would just create more cron jobs on DC1, and the complete sync would then be performed to all servers on the next sync.

Why can't I simply use a distributed filesystem like GlusterFS, Lustre, etc. for SysVol?

A cluster file system with Samba requires CTDB to be used safely, and CTDB and the AD DC are incompatible.